Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2026-45282— Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access

CVSS 6.5 · Medium

Affected Version Matrix 2

VendorProductVersion RangeStatus
nextcloudsecurity-advisories>= 32.0.0, < 32.0.9affected
>= 33.0.0, < 33.0.3affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-45282

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access
Source: NVD (National Vulnerability Database)
Vulnerability Description
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download restrictions. It is applicable to any file that is shared directly, as the attacker only needs to know a documentId they own, apart of the mentioned share token. For shared folders the attacker has to know or guess a documentId of a file that is included inside the folder, making it much harder to exploit. The attacker can only extract an attachments, but not the file shared file or folder itself. It is recommended that the Nextcloud Server is upgraded to 33.0.3 or 32.0.9. It is recommended that the Nextcloud Enterprise Server is upgraded to 33.0.3, 32.0.9, 31.0.14.5, 30.0.17.9, 29.0.16.16, 28.0.14.17 or 27.1.11.5
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
nextcloudsecurity-advisories >= 32.0.0, < 32.0.9 -

II. Public POCs for CVE-2026-45282

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-45282

登录查看更多情报信息。

Patches & Fixes for CVE-2026-45282 (1)

Vendor Advisories for CVE-2026-45282 (1)

Same Patch Batch · nextcloud · 2026-06-01 · 26 CVEs total

CVE-2026-455458.2 HIGHNextcloud: SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution
CVE-2026-452818.1 HIGHNextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update
CVE-2026-451568.1 HIGHNextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification
CVE-2026-457227.1 HIGHNextcloud: Tables app allows limited SQLi in ORDER BY with malicious sort order argument f
CVE-2026-458106.8 MEDIUMNextcloud: Propfind requests for file comments allowed to load comments for other files
CVE-2026-452756.5 MEDIUMNextcloud: Authorization bypass in approval feature allows unauthorized file sharing with
CVE-2026-452676.5 MEDIUMNextcloud: Missing permission check for from submissions
CVE-2026-452856.4 MEDIUMNextcloud: Hidden Public Link creation when sharing to a Team External Member
CVE-2026-452836.3 MEDIUMNextcloud: Files Lock app allows users to lock and unlock files of other users
CVE-2026-451576.3 MEDIUMNextcloud: Valid share tokens allow to access tempory upload files of share owner
CVE-2026-456905.9 MEDIUMNextcloud: Two-Factor Authentication Bypass via Pending Session Token Replay
CVE-2026-456915.9 MEDIUMNextcloud: Bypass of second factor authentication on DAV endpoints
CVE-2026-455435.3 MEDIUMNextcloud: Deleting a Forms collaborator share leaves uploaded response files accessible t
CVE-2026-451534.6 MEDIUMNextcloud: PIN bypass in PassCodeActivity via back button
CVE-2026-452844.6 MEDIUMNextcloud: Wrong condition in the User OIDC app's LdapService allowed deleted LDAP users t
CVE-2026-452794.4 MEDIUMNextcloud: Limited path traversal via template API if using `{lang}` in config
CVE-2026-452644.3 MEDIUMNextcloud: ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames
CVE-2026-452864.3 MEDIUMNextcloud: Calendar app leaked user identifiers via attendee suggestion endpoint
CVE-2026-455444.3 MEDIUMNextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking
CVE-2026-451593.5 LOWNextcloud: Files drop share links for end-to-end encrypted folders allowed to drop files i

Showing top 20 of 26 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: security-advisories
Same vendor: nextcloud
Same weakness: CWE-284

V. Comments for CVE-2026-45282

No comments yet

Leave a comment